@strapi/strapi 4.0.0-beta.2 → 4.0.0-beta.20

package/lib/factories.d.ts

@@ -0,0 +1,48 @@
+import { Service } from './core-api/service';
+import { Controller } from './core-api/controller';
+import { Middleware } from './middlewares';
+import { Policy } from './core/registries/policies';
+
+type ControllerConfig = Controller;
+
+type ServiceConfig = Service;
+
+type HandlerConfig = {
+  auth: false | { scope: string[] };
+  policies: Array<string | Policy>;
+  middlewares: Array<string | Middleware>;
+};
+
+type SingleTypeRouterConfig = {
+  find: HandlerConfig;
+  update: HandlerConfig;
+  delete: HandlerConfig;
+};
+
+type CollectionTypeRouterConfig = {
+  find: HandlerConfig;
+  findOne: HandlerConfig;
+  create: HandlerConfig;
+  update: HandlerConfig;
+  delete: HandlerConfig;
+};
+
+type RouterConfig = {
+  prefix: string;
+  only: string[];
+  except: string[];
+  config: SingleTypeRouterConfig | CollectionTypeRouterConfig;
+};
+
+interface Route {
+  method: string;
+  path: string;
+}
+interface Router {
+  prefix: string;
+  routes: Route[];
+}
+
+export function createCoreRouter(uid: string, cfg: RouterConfig): () => Router;
+export function createCoreController(uid: string, cfg: ControllerConfig): () => Controller;
+export function createCoreService(uid: string, cfg: ServiceConfig): () => Service;

package/lib/factories.js

@@ -0,0 +1,84 @@
+'use strict';
+
+const { pipe, omit, pick } = require('lodash/fp');
+
+const { createController } = require('./core-api/controller');
+const { createService } = require('./core-api/service');
+const { createRoutes } = require('./core-api/routes');
+
+const createCoreController = (uid, cfg = {}) => {
+  return ({ strapi }) => {
+    const baseController = createController({
+      contentType: strapi.contentType(uid),
+    });
+
+    let userCtrl = typeof cfg === 'function' ? cfg({ strapi }) : cfg;
+
+    for (const methodName of Object.keys(baseController)) {
+      if (userCtrl[methodName] === undefined) {
+        userCtrl[methodName] = baseController[methodName];
+      }
+    }
+
+    Object.setPrototypeOf(userCtrl, baseController);
+    return userCtrl;
+  };
+};
+
+const createCoreService = (uid, cfg = {}) => {
+  return ({ strapi }) => {
+    const baseService = createService({
+      contentType: strapi.contentType(uid),
+    });
+
+    let userService = typeof cfg === 'function' ? cfg({ strapi }) : cfg;
+
+    for (const methodName of Object.keys(baseService)) {
+      if (userService[methodName] === undefined) {
+        userService[methodName] = baseService[methodName];
+      }
+    }
+
+    Object.setPrototypeOf(userService, baseService);
+    return userService;
+  };
+};
+
+const createCoreRouter = (uid, cfg = {}) => {
+  const { prefix, config = {}, only, except } = cfg;
+  let routes;
+
+  return {
+    get prefix() {
+      return prefix;
+    },
+    get routes() {
+      if (!routes) {
+        const contentType = strapi.contentType(uid);
+
+        const defaultRoutes = createRoutes({ contentType });
+
+        Object.keys(defaultRoutes).forEach(routeName => {
+          const defaultRoute = defaultRoutes[routeName];
+
+          Object.assign(defaultRoute.config, config[routeName] || {});
+        });
+
+        const selectedRoutes = pipe(
+          routes => (except ? omit(except, routes) : routes),
+          routes => (only ? pick(only, routes) : routes)
+        )(defaultRoutes);
+
+        routes = Object.values(selectedRoutes);
+      }
+
+      return routes;
+    },
+  };
+};
+
+module.exports = {
+  createCoreController,
+  createCoreService,
+  createCoreRouter,
+};

package/lib/index.d.ts

@@ -2,6 +2,7 @@ import { Database } from '@strapi/database';
 import { EntityService } from './services/entity-service';
 import { Strapi as StrapiClass } from './Strapi';
 
+export * as factories from './factories';
 interface StrapiInterface extends StrapiClass {
   query: Database['query'];
   entityService: EntityService;

package/lib/index.js

@@ -1,3 +1,7 @@
 'use strict';
 
-module.exports = require('./Strapi');
+const Strapi = require('./Strapi');
+
+Strapi.factories = require('./factories');
+
+module.exports = Strapi;

package/lib/middlewares/body.js

@@ -0,0 +1,33 @@
+'use strict';
+
+const { defaultsDeep } = require('lodash/fp');
+const body = require('koa-body');
+
+const defaults = {
+  multipart: true,
+  patchKoa: true,
+};
+
+/**
+ * @type {import('./').MiddlewareFactory}
+ */
+module.exports = config => {
+  const bodyConfig = defaultsDeep(defaults, config);
+
+  return async (ctx, next) => {
+    // TODO: find a better way later
+    if (ctx.url === '/graphql') {
+      return next();
+    }
+
+    try {
+      await body({ patchKoa: true, ...bodyConfig })(ctx, next);
+    } catch (e) {
+      if ((e || {}).message && e.message.includes('maxFileSize exceeded')) {
+        return ctx.payloadTooLarge('FileTooBig');
+      }
+
+      throw e;
+    }
+  };
+};

package/lib/middlewares/compression.js

@@ -5,4 +5,4 @@ const compress = require('koa-compress');
 /**
  * @type {import('./').MiddlewareFactory}
  */
-module.exports = options => compress(options);
+module.exports = config => compress(config);

package/lib/middlewares/cors.js

@@ -1,5 +1,6 @@
 'use strict';
 
+const { defaultsDeep } = require('lodash/fp');
 const cors = require('@koa/cors');
 
 const defaults = {
@@ -14,7 +15,7 @@ const defaults = {
 /**
  * @type {import('./').MiddlewareFactory}
  */
-module.exports = options => {
+module.exports = config => {
   const {
     origin,
     expose,
@@ -23,7 +24,7 @@ module.exports = options => {
     methods,
     headers,
     keepHeadersOnError,
-  } = Object.assign({}, defaults, options);
+  } = defaultsDeep(defaults, config);
 
   return cors({
     async origin(ctx) {

package/lib/middlewares/errors.js

@@ -1,135 +1,40 @@
 'use strict';
 
-const _ = require('lodash');
-const Boom = require('@hapi/boom');
-const delegate = require('delegates');
-
-const boomMethods = [
-  'badRequest',
-  'unauthorized',
-  'paymentRequired',
-  'forbidden',
-  'notFound',
-  'methodNotAllowed',
-  'notAcceptable',
-  'proxyAuthRequired',
-  'clientTimeout',
-  'conflict',
-  'resourceGone',
-  'lengthRequired',
-  'preconditionFailed',
-  'entityTooLarge',
-  'uriTooLong',
-  'unsupportedMediaType',
-  'rangeNotSatisfiable',
-  'expectationFailed',
-  'teapot',
-  'badData',
-  'locked',
-  'failedDependency',
-  'preconditionRequired',
-  'tooManyRequests',
-  'illegal',
-  'badImplementation',
-  'notImplemented',
-  'badGateway',
-  'serverUnavailable',
-  'gatewayTimeout',
-];
-
-const formatBoomPayload = boomError => {
-  if (!Boom.isBoom(boomError)) {
-    boomError = Boom.boomify(boomError, {
-      statusCode: boomError.status || 500,
-    });
-  }
-
-  const { output } = boomError;
-
-  if (output.statusCode < 500 && !_.isNil(boomError.data)) {
-    output.payload.data = boomError.data;
-  }
-
-  return { status: output.statusCode, body: output.payload };
-};
-
-/**
- * Create short responses ctx.(send|created|deleted)
- * @param {Strapi} strapi
- */
-const createResponseUtils = strapi => {
-  const delegator = delegate(strapi.server.app.context, 'response');
-
-  boomMethods.forEach(method => {
-    strapi.server.app.response[method] = function(msg, ...rest) {
-      const boomError = Boom[method](msg, ...rest) || {};
-
-      const { status, body } = formatBoomPayload(boomError);
-
-      // keep retro-compatibility for old error formats
-      body.message = msg || body.data || body.message;
-
-      this.body = body;
-      this.status = status;
-    };
-
-    delegator.method(method);
-  });
-
-  strapi.server.app.response.send = function(data, status = 200) {
-    this.status = status;
-    this.body = data;
-  };
-
-  strapi.server.app.response.created = function(data) {
-    this.status = 201;
-    this.body = data;
-  };
-
-  strapi.server.app.response.deleted = function(data) {
-    if (_.isNil(data)) {
-      this.status = 204;
-    } else {
-      this.status = 200;
-      this.body = data;
-    }
-  };
-
-  delegator
-    .method('send')
-    .method('created')
-    .method('deleted');
-};
-
-/**
- * @type {import('./').MiddlewareFactory}
- */
-module.exports = (options, { strapi }) => {
-  createResponseUtils(strapi);
-  strapi.errors = Boom;
-
+const { HttpError, ApplicationError } = require('@strapi/utils').errors;
+const {
+  formatApplicationError,
+  formatHttpError,
+  formatInternalError,
+} = require('../services/errors');
+
+module.exports = (/* _, { strapi } */) => {
   return async (ctx, next) => {
     try {
-      // App logic.
       await next();
 
-      if (_.isNil(ctx.body) && (_.isNil(ctx.status) || ctx.status === 404)) {
-        ctx.notFound();
+      if (!ctx.response._explicitStatus) {
+        return ctx.notFound();
       }
     } catch (error) {
-      // emit error if configured
-      if (strapi.config.get('server.emitErrors', false)) {
-        strapi.server.app.emit('error', error, ctx);
+      if (error instanceof ApplicationError) {
+        const { status, body } = formatApplicationError(error);
+        ctx.status = status;
+        ctx.body = body;
+        return;
       }
 
-      const { status, body } = formatBoomPayload(error);
-
-      if (status >= 500) {
-        strapi.log.error(error);
+      if (error instanceof HttpError) {
+        const { status, body } = formatHttpError(error);
+        ctx.status = status;
+        ctx.body = body;
+        return;
       }
 
-      ctx.body = body;
+      strapi.log.error(error);
+
+      const { status, body } = formatInternalError(error);
       ctx.status = status;
+      ctx.body = body;
     }
   };
 };

package/lib/middlewares/favicon.js

@@ -1,7 +1,7 @@
 'use strict';
 
 const { resolve } = require('path');
-const { defaultsDeep } = require('lodash');
+const { defaultsDeep } = require('lodash/fp');
 const favicon = require('koa-favicon');
 
 const defaults = {
@@ -12,8 +12,8 @@ const defaults = {
 /**
  * @type {import('./').MiddlewareFactory}
  */
-module.exports = (options, { strapi }) => {
-  const { maxAge, path: faviconPath } = defaultsDeep(defaults, options);
+module.exports = (config, { strapi }) => {
+  const { maxAge, path: faviconPath } = defaultsDeep(defaults, config);
 
   return favicon(resolve(strapi.dirs.root, faviconPath), { maxAge });
 };

package/lib/middlewares/index.d.ts

@@ -1,4 +1,5 @@
 import { Strapi } from '../';
 import { Middleware } from 'koa';
 
-export type MiddlewareFactory = (options: any, ctx: { strapi: Strapi }) => Middleware;
+export type MiddlewareFactory = (config: any, ctx: { strapi: Strapi }) => Middleware | null;
+export type Middleware = Middleware;

package/lib/middlewares/index.js

@@ -7,7 +7,8 @@ const favicon = require('./favicon');
 const ip = require('./ip');
 const logger = require('./logger');
 const poweredBy = require('./powered-by');
-const request = require('./request');
+const body = require('./body');
+const query = require('./query');
 const responseTime = require('./response-time');
 const responses = require('./responses');
 const security = require('./security');
@@ -25,7 +26,8 @@ module.exports = {
   logger,
   compression,
   responses,
-  request,
+  body,
+  query,
   favicon,
   public: publicStatic,
 };

package/lib/middlewares/ip.js

@@ -5,4 +5,4 @@ const ip = require('koa-ip');
 /**
  * @type {import('./').MiddlewareFactory}
  */
-module.exports = options => ip(options);
+module.exports = config => ip(config);

package/lib/middlewares/logger.js

@@ -16,7 +16,7 @@ const codeToColor = code => {
 /**
  * @type {import('./').MiddlewareFactory}
  */
-module.exports = (options, { strapi }) => {
+module.exports = (_, { strapi }) => {
   return async (ctx, next) => {
     const start = Date.now();
     await next();

package/lib/middlewares/powered-by.js

@@ -1,5 +1,7 @@
 'use strict';
 
+const { defaultsDeep } = require('lodash/fp');
+
 const defaults = {
   poweredBy: 'Strapi <strapi.io>',
 };
@@ -7,8 +9,8 @@ const defaults = {
 /**
  * @type {import('./').MiddlewareFactory}
  */
-module.exports = options => {
-  const { poweredBy } = Object.assign({}, defaults, options);
+module.exports = config => {
+  const { poweredBy } = defaultsDeep(defaults, config);
 
   return async (ctx, next) => {
     await next();

package/lib/middlewares/public/index.js

@@ -11,17 +11,14 @@ const serveStatic = require('./serve-static');
 
 const defaults = {
   maxAge: 60000,
-  path: './public',
   defaultIndex: true,
 };
 
 /**
  * @type {import('../').MiddlewareFactory}
  */
-module.exports = (options, { strapi }) => {
-  const { defaultIndex, maxAge, path: publicPath } = defaultsDeep(defaults, options);
-
-  const staticDir = path.resolve(strapi.dirs.root, publicPath || strapi.config.paths.static);
+module.exports = (config, { strapi }) => {
+  const { defaultIndex, maxAge } = defaultsDeep(defaults, config);
 
   if (defaultIndex === true) {
     const index = fs.readFileSync(path.join(__dirname, 'index.html'), 'utf8');
@@ -83,7 +80,7 @@ module.exports = (options, { strapi }) => {
       {
         method: 'GET',
         path: '/(.*)',
-        handler: koaStatic(staticDir, {
+        handler: koaStatic(strapi.dirs.public, {
           maxage: maxAge,
           defer: true,
         }),
@@ -122,5 +119,5 @@ module.exports = (options, { strapi }) => {
     },
   ]);
 
-  return async (ctx, next) => next();
+  return null;
 };

package/lib/middlewares/query.js

@@ -0,0 +1,46 @@
+'use strict';
+
+const { defaultsDeep } = require('lodash/fp');
+const qs = require('qs');
+
+const defaults = {
+  strictNullHandling: true,
+  arrayLimit: 100,
+  depth: 20,
+};
+
+/**
+ * Body parser hook
+ */
+const addQsParser = (app, settings) => {
+  Object.defineProperty(app.request, 'query', {
+    configurable: false,
+    enumerable: true,
+    /*
+     * Get parsed query-string.
+     */
+    get() {
+      const qstr = this.querystring;
+      const cache = (this._querycache = this._querycache || {});
+      return cache[qstr] || (cache[qstr] = qs.parse(qstr, settings));
+    },
+
+    /*
+     * Set query-string as an object.
+     */
+    set(obj) {
+      this.querystring = qs.stringify(obj);
+    },
+  });
+
+  return app;
+};
+
+/**
+ * @type {import('./').MiddlewareFactory}
+ */
+module.exports = (config, { strapi }) => {
+  addQsParser(strapi.server.app, defaultsDeep(defaults, config));
+
+  return null;
+};

package/lib/middlewares/responses.js

@@ -5,12 +5,12 @@ const { prop, isFunction } = require('lodash/fp');
 /**
  * @type {import('./').MiddlewareFactory}
  */
-module.exports = (options = {}) => {
+module.exports = (config = {}) => {
   return async (ctx, next) => {
     await next();
 
     const status = ctx.status;
-    const handler = prop(`handlers.${status}`, options);
+    const handler = prop(`handlers.${status}`, config);
 
     if (isFunction(handler)) {
       await handler(ctx);

package/lib/middlewares/security.js

@@ -1,6 +1,6 @@
 'use strict';
 
-const { defaultsDeep } = require('lodash/fp');
+const { defaultsDeep, merge } = require('lodash/fp');
 const helmet = require('koa-helmet');
 
 const defaults = {
@@ -8,7 +8,15 @@ const defaults = {
   crossOriginOpenerPolicy: false,
   crossOriginResourcePolicy: false,
   originAgentCluster: false,
-  contentSecurityPolicy: false,
+  contentSecurityPolicy: {
+    useDefaults: true,
+    directives: {
+      'connect-src': ["'self'", 'https:'],
+      'img-src': ["'self'", 'data:', 'blob:'],
+      'media-src': ["'self'", 'data:', 'blob:'],
+      upgradeInsecureRequests: null,
+    },
+  },
   xssFilter: false,
   hsts: {
     maxAge: 31536000,
@@ -22,4 +30,22 @@ const defaults = {
 /**
  * @type {import('./').MiddlewareFactory}
  */
-module.exports = options => helmet(defaultsDeep(defaults, options));
+module.exports = config => (ctx, next) => {
+  let helmetConfig = defaultsDeep(defaults, config);
+
+  if (
+    ctx.method === 'GET' &&
+    ['/graphql', '/documentation'].some(str => ctx.path.startsWith(str))
+  ) {
+    helmetConfig = merge(helmetConfig, {
+      contentSecurityPolicy: {
+        directives: {
+          'script-src': ["'self'", "'unsafe-inline'", 'cdn.jsdelivr.net'],
+          'img-src': ["'self'", 'data:', 'cdn.jsdelivr.net', 'strapi.io'],
+        },
+      },
+    });
+  }
+
+  return helmet(helmetConfig)(ctx, next);
+};

package/lib/middlewares/session/index.js

@@ -9,7 +9,7 @@ const session = require('koa-session');
  */
 module.exports = strapi => {
   const requireStore = store => {
-    return require(path.resolve(strapi.config.appPath, 'node_modules', 'koa-' + store));
+    return require(path.resolve(strapi.dirs.root, 'node_modules', 'koa-' + store));
   };
 
   const defineStore = session => {

package/lib/services/auth/index.js

@@ -3,8 +3,7 @@
 const { strict: assert } = require('assert');
 const { has, prop } = require('lodash/fp');
 
-class UnauthorizedError extends Error {}
-class ForbiddenError extends Error {}
+const { UnauthorizedError } = require('@strapi/utils').errors;
 
 const INVALID_STRATEGY_MSG =
   'Invalid auth strategy. Expecting an object with properties {name: string, authenticate: function, verify: function}';
@@ -22,10 +21,6 @@ const createAuthentication = () => {
   const strategies = {};
 
   return {
-    errors: {
-      UnauthorizedError,
-      ForbiddenError,
-    },
     register(type, strategy) {
       validStrategy(strategy);
 

package/lib/services/entity-service/attributes/index.js

@@ -0,0 +1,31 @@
+'use strict';
+
+const transforms = require('./transforms');
+
+const applyTransforms = (data, context) => {
+  const { contentType } = context;
+
+  const entries = Object.entries(data);
+
+  for (const [attributeName, value] of entries) {
+    const attribute = contentType.attributes[attributeName];
+
+    if (!attribute) {
+      continue;
+    }
+
+    const transform = transforms[attribute.type];
+
+    if (transform) {
+      const attributeContext = { ...context, attributeName, attribute };
+
+      data[attributeName] = transform(value, attributeContext);
+    }
+  }
+
+  return data;
+};
+
+module.exports = {
+  applyTransforms,
+};